From 24b12ab3461c8443c55fb482bc4a52b8febe9aa5 Mon Sep 17 00:00:00 2001 From: arewm Date: Tue, 6 Aug 2024 13:29:52 -0400 Subject: [PATCH] unify on a common buildah image for all tasks Updating the image used for the remote tasks resulted in a bump in the buildah version. This includes https://github.com/containers/common/commit/08fc0b450 which no longer sets the repository or tag when pulling without the optional name. To properly populate the image in the container's registry, we need to push and pull it with the optional name. Signed-off-by: arewm --- task-generator/remote/main.go | 5 ++--- .../build-image-manifest/0.1/build-image-manifest.yaml | 2 +- task/buildah-oci-ta/0.1/buildah-oci-ta.yaml | 4 ++-- task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 4 ++-- .../0.1/buildah-remote-oci-ta.yaml | 10 +++++----- .../0.2/buildah-remote-oci-ta.yaml | 10 +++++----- task/buildah-remote/0.1/buildah-remote.yaml | 10 +++++----- task/buildah-remote/0.2/buildah-remote.yaml | 10 +++++----- task/buildah/0.1/buildah.yaml | 4 ++-- task/buildah/0.2/buildah.yaml | 4 ++-- 10 files changed, 31 insertions(+), 32 deletions(-) diff --git a/task-generator/remote/main.go b/task-generator/remote/main.go index 950da014b..361671a1b 100644 --- a/task-generator/remote/main.go +++ b/task-generator/remote/main.go @@ -224,7 +224,7 @@ if ! [[ $IS_LOCALHOST ]]; then ret += "cd " + step.WorkingDir + "\n" } ret += step.Script - ret += "\nbuildah push \"$IMAGE\" oci:rhtap-final-image" + ret += "\nbuildah push \"$IMAGE\" \"oci:konflux-final-image:$IMAGE\"" ret += "\nREMOTESSHEOF" ret += "\nchmod +x " + script + "\n" @@ -253,7 +253,7 @@ if ! [[ $IS_LOCALHOST ]]; then //sync back results ret += "\n rsync -ra \"$SSH_HOST:$BUILD_DIR/results/\" \"/tekton/results/\"" - ret += "\n buildah pull oci:rhtap-final-image" + ret += "\n buildah pull \"oci:konflux-final-image:$IMAGE\"" ret += "\nelse\n bash " + containerScript ret += "\nfi" ret += "\nbuildah images" @@ -266,7 +266,6 @@ if ! [[ $IS_LOCALHOST ]]; then } step.Script = ret builderImage = step.Image - step.Image = "quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44" step.VolumeMounts = append(step.VolumeMounts, v1.VolumeMount{ Name: "ssh", ReadOnly: true, diff --git a/task/build-image-manifest/0.1/build-image-manifest.yaml b/task/build-image-manifest/0.1/build-image-manifest.yaml index 57ba3c3a9..26b045658 100644 --- a/task/build-image-manifest/0.1/build-image-manifest.yaml +++ b/task/build-image-manifest/0.1/build-image-manifest.yaml @@ -54,7 +54,7 @@ spec: - name: COMMIT_SHA value: $(params.COMMIT_SHA) steps: - - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + - image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent name: build diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml index d4e6ea371..45f0f325f 100644 --- a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml @@ -220,7 +220,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2 - name: build - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 args: - $(params.BUILD_ARGS[*]) workingDir: /var/workdir @@ -528,7 +528,7 @@ spec: securityContext: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 workingDir: /var/workdir volumeMounts: - mountPath: /var/lib/containers diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index f6db08c93..e9958b496 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -222,7 +222,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2 - name: build - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 args: - $(params.BUILD_ARGS[*]) workingDir: /var/workdir @@ -506,7 +506,7 @@ spec: securityContext: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 workingDir: /var/workdir volumeMounts: - mountPath: /var/lib/containers diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml index 82bbcee8c..1b846e70e 100644 --- a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml @@ -184,7 +184,7 @@ spec: - name: YUM_REPOS_D_TARGET value: $(params.YUM_REPOS_D_TARGET) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 volumeMounts: - mountPath: /shared name: shared @@ -209,7 +209,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -438,7 +438,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" >/var/workdir/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -478,7 +478,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -617,7 +617,7 @@ spec: runAsUser: 0 workingDir: /var/workdir - computeResources: {} - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | base_image_name=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.name"}}' $IMAGE | cut -f1 -d'@') diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index 7efd36035..e46c8c593 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -191,7 +191,7 @@ spec: - name: YUM_REPOS_D_TARGET value: $(params.YUM_REPOS_D_TARGET) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 - name: PLATFORM value: $(params.PLATFORM) - name: IMAGE_APPEND_PLATFORM @@ -221,7 +221,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -456,7 +456,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" >/shared/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -497,7 +497,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -624,7 +624,7 @@ spec: requests: cpu: "1" memory: 1Gi - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | #!/bin/bash diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml index 05af19f28..a31b91263 100644 --- a/task/buildah-remote/0.1/buildah-remote.yaml +++ b/task/buildah-remote/0.1/buildah-remote.yaml @@ -181,7 +181,7 @@ spec: - name: SKIP_UNUSED_STAGES value: $(params.SKIP_UNUSED_STAGES) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 volumeMounts: - mountPath: /shared name: shared @@ -197,7 +197,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -430,7 +430,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" > $(workspaces.source.path)/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -471,7 +471,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -610,7 +610,7 @@ spec: runAsUser: 0 workingDir: $(workspaces.source.path) - computeResources: {} - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | if [ -n "${PARAM_BUILDER_IMAGE}" ]; then diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 365ad9e91..05562e787 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -182,7 +182,7 @@ spec: - name: SKIP_UNUSED_STAGES value: $(params.SKIP_UNUSED_STAGES) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 - name: PLATFORM value: $(params.PLATFORM) - name: IMAGE_APPEND_PLATFORM @@ -203,7 +203,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -438,7 +438,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" > /shared/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -479,7 +479,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -606,7 +606,7 @@ spec: requests: cpu: "1" memory: 1Gi - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | #!/bin/bash diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml index 87cac0295..5771a08f0 100644 --- a/task/buildah/0.1/buildah.yaml +++ b/task/buildah/0.1/buildah.yaml @@ -169,7 +169,7 @@ spec: value: $(params.SKIP_UNUSED_STAGES) steps: - - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + - image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build computeResources: limits: @@ -491,7 +491,7 @@ spec: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 computeResources: {} script: | if [ -n "${PARAM_BUILDER_IMAGE}" ]; then diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index 4e2545048..a5793f332 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -164,7 +164,7 @@ spec: value: $(params.SKIP_UNUSED_STAGES) steps: - - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + - image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build computeResources: limits: @@ -455,7 +455,7 @@ spec: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 computeResources: limits: memory: 4Gi